From 5960c8c4a7ec3758792416dea0ec3bae47fb2f35 Mon Sep 17 00:00:00 2001
From: Kristof Willaert <kristof@publiq.be>
Date: Thu, 16 May 2024 18:13:54 +0200
Subject: [PATCH] Escape the pylib path when using it in a shell command

---
 lib/fpm/package/python.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/fpm/package/python.rb b/lib/fpm/package/python.rb
index 5754a053d4..04533ddcaf 100644
--- a/lib/fpm/package/python.rb
+++ b/lib/fpm/package/python.rb
@@ -79,7 +79,7 @@ class FPM::Package::Python < FPM::Package
   option "--setup-py-arguments", "setup_py_argument",
     "Arbitrary argument(s) to be passed to setup.py",
     :multivalued => true, :attribute_name => :python_setup_py_arguments,
-    :default => [] 
+    :default => []
   option "--internal-pip", :flag,
     "Use the pip module within python to install modules - aka 'python -m pip'. This is the recommended usage since Python 3.4 (2014) instead of invoking the 'pip' script",
     :attribute_name => :python_internal_pip,
@@ -230,7 +230,7 @@ def load_package_info(setup_py)
 
     output = ::Dir.chdir(setup_dir) do
       tmp = build_path("metadata.json")
-      setup_cmd = "env PYTHONPATH=#{pylib}:$PYTHONPATH #{attributes[:python_bin]} " \
+      setup_cmd = "env PYTHONPATH=#{pylib.shellescape}:$PYTHONPATH #{attributes[:python_bin]} " \
         "setup.py --command-packages=pyfpm get_metadata --output=#{tmp}"
 
       if attributes[:python_obey_requirements_txt?]